Hi,
I need to remove the identity_source so my authorizer can process a variety of identity_sources from unchangeable legacy applications. The authorizer is fully working in Production.
I can’t create the authorizer with no identity source as per the Terraform documentation:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_authorizer
identity_source - (Optional) The source of the identity in an incoming request. Defaults to method.request.header.Authorization.
So I remove the identity source after the fact as per below. The issue is that on a clean create of the stack I get this:
“An error occurred (BadRequestException) when calling the UpdateAuthorizer operation: Invalid request input”
Run the Terraform below and it works, but only on the 2nd time. I tried delaying the commands with both a Terraform sleep and also a bash sleep as well as a deploy command prior to the delete.
I think even though Terraform is claiming the create is done and I have the dependencies set, there still is a race condition.
Any way to make this clean on first deploy?
Thanks,
Marc
```hcl
# Add a custom authorizer
resource "aws_api_gateway_authorizer" "authorizer" {
  name                             = "${local.name_prefix}-authorizer"
  rest_api_id                      = aws_api_gateway_rest_api.rtp.id
  authorizer_uri                   = aws_lambda_function.authorizerCustomer.invoke_arn
  authorizer_credentials           = aws_iam_role.rtp-gateway-role.arn
  type                             = "REQUEST"
  identity_source                  = "method.request.header.MYTOKEN"
  authorizer_result_ttl_in_seconds = 0
}

# Remove the identity source after the authorizer exists, via the AWS CLI
resource "null_resource" "update-authorizer" {
  depends_on = [aws_api_gateway_authorizer.authorizer]

  # Re-run on every apply
  triggers = {
    always_run = timestamp()
  }

  provisioner "local-exec" {
    command = "aws apigateway update-authorizer --rest-api-id ${aws_api_gateway_rest_api.rtp.id} --authorizer-id ${aws_api_gateway_authorizer.authorizer.id} --patch-operations op='remove',path='/identitySource' --region ${var.region}"
  }
}

# Redeploy the stage so the patched authorizer takes effect
resource "null_resource" "create-deployment" {
  depends_on = [null_resource.update-authorizer]

  triggers = {
    always_run = timestamp()
  }

  provisioner "local-exec" {
    command = "aws apigateway create-deployment --rest-api-id ${aws_api_gateway_rest_api.rtp.id} --stage-name ${var.stack} --region ${var.region}"
  }
}
```